<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
	xmlns:sec="http://www.springframework.org/schema/security"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
		http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

	<!-- windows authentication provider -->
	<bean id="waffleWindowsAuthProvider" class="waffle.windows.auth.impl.WindowsAuthProviderImpl" />
	
	<!-- collection of security filters -->
	<bean id="negotiateSecurityFilterProvider" class="waffle.servlet.spi.NegotiateSecurityFilterProvider">
		<constructor-arg ref="waffleWindowsAuthProvider" />
	</bean>
	
	<bean id="basicSecurityFilterProvider" class="waffle.servlet.spi.BasicSecurityFilterProvider">
		<constructor-arg ref="waffleWindowsAuthProvider" />
	</bean>
	
	<bean id="waffleSecurityFilterProviderCollection" class="waffle.servlet.spi.SecurityFilterProviderCollection">
		<constructor-arg>
			<list>
				<ref bean="negotiateSecurityFilterProvider" />   			
				<ref bean="basicSecurityFilterProvider" />   			
			</list>
		</constructor-arg>
	</bean>
	
	<!-- spring filter entry point -->
	<sec:http entry-point-ref="negotiateSecurityFilterEntryPoint">
		<sec:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
		<sec:custom-filter ref="waffleNegotiateSecurityFilter" position="BASIC_AUTH_FILTER" />
	</sec:http>

	<bean id="negotiateSecurityFilterEntryPoint" class="waffle.spring.NegotiateSecurityFilterEntryPoint">
		<property name="Provider" ref="waffleSecurityFilterProviderCollection" />
	</bean>
	
	<!-- spring authentication provider -->
	<sec:authentication-manager alias="authenticationProvider" />
		
	<!-- spring security filter -->
	<bean id="waffleNegotiateSecurityFilter" class="waffle.spring.NegotiateSecurityFilter">
		<property name="Provider" ref="waffleSecurityFilterProviderCollection" />
		<property name="AllowGuestLogin" value="false" />
		<property name="PrincipalFormat" value="fqn" />
		<property name="RoleFormat" value="both" />
	</bean>
</beans>
